Here's what I've come up with (so far) for the EO sanitizer; please let me know if there's a better way. This approach gets the product's name and text attributes to not get &'d to death:
Code:$eo_sanitizer = AdminRequestSanitizer::getInstance(); $eo_group = array( 'update_products' => array( 'sanitizerType' => 'MULTI_DIMENSIONAL', 'method' => 'post', 'pages' => array('edit_orders'), 'params' => array( 'update_products' => array('sanitizerType' => 'CONVERT_INT'), 'qty' => array('sanitizerType' => 'CONVERT_INT'), //-This one should really be a float 'name' => array('sanitizerType' => 'PRODUCT_DESC_REGEX'), 'onetime_charges' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'), 'attr' => array( 'sanitizerType' => 'MULTI_DIMENSIONAL', 'params' => array( 'attr' => array('sanitizerType' => 'CONVERT_INT'), 'value' => array('sanitizerType' => 'PRODUCT_DESC_REGEX'), 'type' => array('sanitizerType' => 'CONVERT_INT') ) ), 'model' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX'), 'tax' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'), 'final_price' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'), ) ) ); $eo_sanitizer->addComplexSanitization ($eo_group);


Reply With Quote
